As RF communication technology has advanced, sophisticated scanning receivers have become available that make eavesdropping on the communications of others a relatively simple matter. This proliferation of scanners is of particular concern to law enforcement agencies, who have sometimes found their efforts thwarted by the advance warning provided to perpetrators through unauthorized monitoring of tactical communications.
Of course, police agencies are not the only organizations that may wish to keep their communications secret. Various government and business groups also benefit from ensuring that information exchanges are safe from unauthorized listeners.
A method well-known in the art for providing secure communication is digital encryption of information signals. In a digital encryption system, analog information signals are digitized and applied to the input of a digital encryption device. This digitized input is known as "plain text" in the art. Of course, digital information signals do not require this digitizing step, but must sometimes be subjected to additional processing for the sake of compatibility.
In the encryption device, the plain text input is added modulo 2 to a "key stream". The key stream is a seemingly random digital bit stream that is generated by the encryption device from a unique "key". The key is a special code that is loaded into the encryption device of a particular communication unit or units. Other communication units equipped with the same key will be able to decrypt the encrypted information signals, but to communication units that do not have the right key, encrypted signals will sound like noise. Keys used for encryption and decryption of information signals are often termed "traffic keys."
Cryptanalysts are listeners who are equipped with sophisticated devices designed to circumvent system security. If even a part of a traffic key becomes known to a skilled cryptanalyst, it is possible that the secure nature of communication within the system may be compromised. For this reason, it is sometimes necessary to "re-key" the communication units with new traffic keys. Of course, re-keying may also be desirable for other reasons. To maximize system security, it is considered good operating practice to re-key communication units on a regular basis (weekly, for example). Alternatively, a particular user or group of users may wish to communicate with another group whose traffic keys were not originally provided.
To facilitate the re-keying process, new keys may be transmitted to selected units via RF signals. This operation is known as over-the-air re-keying. Over-the-air re-keying, while a convenient capability, is made more complex by the need to keep traffic keys out of the hands of cryptanalysts. It would be inappropriate, for example, to transmit key variables over the air in an unencrypted form, or "in the clear" as it is called. To ensure that new key variables can be transmitted to users without detection, a set of special encryption keys, called shadow keys or key encryption keys, is used.
Since the threat of tampering is always present in a high-security system, key variables are generally stored in non-volatile memory devices. This is to facilitate zeroing or clearing of key variable memory in the event that tampering is detected. This clearing of the memory obviates the threat of an adversary reading the key variables from the memory device and thus compromising system security. Even in the absence of a direct tampering indication, key variables are erased if power to a communication unit's internal circuitry is interrupted for more than a predetermined period.
If key variables, including both traffic keys and shadow keys, are inadvertently erased, the successful transmission of new traffic keys in an over-the-air re-keying process is rendered impossible. Accordingly, a need arises for a method for re-keying a communication unit over the air even after inadvertent loss of encryption key variables.
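The scheme described above (modulo-2 addition with a key stream, and a new traffic key sent over the air under a shadow key) can be sketched as follows. This is an added illustration, not taken from the original text. Assumptions: the SHA-256 counter-mode key stream generator, the HMAC tag, the message layout and all key values are constructed stand-ins.

```python
import hashlib
import hmac

def key_stream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Stand-in key stream generator (assumption): SHA-256 in counter mode."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(out[:length])

def add_mod2(data: bytes, key: bytes, nonce: bytes) -> bytes:
    """Add data to the key stream modulo 2 (XOR); the same call decrypts.
    A nonce must never repeat under one key, or two key streams coincide."""
    return bytes(d ^ k for d, k in zip(data, key_stream(key, nonce, len(data))))

def wrap_traffic_key(shadow_key: bytes, new_traffic_key: bytes, nonce: bytes) -> bytes:
    """Build a re-key message: 8-byte nonce | encrypted traffic key | 32-byte tag."""
    body = nonce + add_mod2(new_traffic_key, shadow_key, nonce)
    return body + hmac.new(shadow_key, body, hashlib.sha256).digest()

def unwrap_traffic_key(shadow_key, message: bytes):
    """Return the new traffic key, or None if this unit cannot process the message."""
    if shadow_key is None:  # key variable memory was erased
        return None
    body, tag = message[:-32], message[-32:]
    expected = hmac.new(shadow_key, body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):  # wrong shadow key or altered message
        return None
    nonce, wrapped = body[:8], body[8:]
    return add_mod2(wrapped, shadow_key, nonce)

# Constructed sample values, for illustration only.
SHADOW_KEY = bytes(range(16))
NEW_TRAFFIC_KEY = bytes.fromhex("00112233445566778899aabbccddeeff")
REKEY_MESSAGE = wrap_traffic_key(SHADOW_KEY, NEW_TRAFFIC_KEY, b"rekey001")

if __name__ == "__main__":
    voice = b"unit 12 proceed to checkpoint"
    over_air = add_mod2(voice, NEW_TRAFFIC_KEY, b"frame001")
    print("over the air:", over_air.hex())
    print("same key:    ", add_mod2(over_air, NEW_TRAFFIC_KEY, b"frame001"))
    print("keyed unit:  ", unwrap_traffic_key(SHADOW_KEY, REKEY_MESSAGE) == NEW_TRAFFIC_KEY)
    print("erased unit: ", unwrap_traffic_key(None, REKEY_MESSAGE))
```

The last line of output shows the failure mode the final paragraph describes: a unit whose shadow key has been erased receives the re-key message but cannot recover the traffic key from it.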